add fw-new

2024-09-27 23:10:58 +02:00
parent 92099bd1e9
commit b7bfb0f62a
99 changed files with 14973 additions and 319 deletions
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -30,6 +30,7 @@
              udp dport != { 53, 5353 } ct state new limit rate over 1/second burst 10 packets drop comment "rate limit for new connections"
              iifname lo accept
              iifname "wan" udp dport 51820 counter accept comment "Wireguard traffic"
+              iifname "wan" tcp dport 9273 counter accept comment "Prometheus traffic"
              iifname "lan" tcp dport 5931 counter accept comment "Spice"
              iifname { "server", "vserver", "vm-*", "lan", "wg_cloonar" } counter accept comment "allow trusted to router"
              iifname { "multimedia", "smart", "infrastructure", "podman0" } udp dport { 53, 5353 } counter accept comment "DNS"